#xss

ProjeQtOr Project Management System version 10.4.1 suffers from multiple cross site scripting vulnerabilities.

MineStack version 1.0 suffers from a persistent cross site scripting vulnerability.

EX-RATE version 1.0 suffers from a persistent cross site scripting vulnerability.

WinterCMS versions prior to 1.2.3 suffer from a persistent cross site scripting vulnerability.

Montage version 1.0 suffers from a persistent cross site scripting vulnerability.

Wedding Wonders version 1.0 suffers from a persistent cross site scripting vulnerability.

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature.